setupldr!BlLoadImage32Ex函数分析得到第一个节和IMAGE_FIRST_SECTION宏定义
//
// Compute the starting page and the number of pages that are consumed
// by the entire image, and then allocate a memory descriptor for the
// allocated region.
//
// NOTE(review): both assignments below take their values straight from the
// image's own headers. NumberOfSections is the count stored in the file
// header, and IMAGE_FIRST_SECTION locates the section table by adding
// FileHeader.SizeOfOptionalHeader to the OptionalHeader offset. Nothing in
// this excerpt checks either field against the amount of header data that
// was actually read; confirm that the rest of BlLoadImage32Ex (not shown
// here) bounds the section table before walking NumberOfSections entries.
//
NumberOfSections = NtHeaders->FileHeader.NumberOfSections;
SectionHeader = IMAGE_FIRST_SECTION( NtHeaders );
D:\srv03rtm\base\boot>grep "IMAGE_FIRST_SECTION" -nr D:\srv03rtm\public\sdk\inc
D:\srv03rtm\public\sdk\inc/ntimage.h:395:// IMAGE_FIRST_SECTION doesn't need 32/64 versions since the file header is the same either way.
D:\srv03rtm\public\sdk\inc/ntimage.h:397:#define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \
D:\srv03rtm\public\sdk\inc/winnt.h:6719:// IMAGE_FIRST_SECTION doesn't need 32/64 versions since the file header is the same either way.
D:\srv03rtm\public\sdk\inc/winnt.h:6721:#define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \
//
// IMAGE_FIRST_SECTION yields a pointer to the first IMAGE_SECTION_HEADER.
// It is computed as: address of the NT headers
//   + offset of OptionalHeader inside IMAGE_NT_HEADERS
//   + FileHeader.SizeOfOptionalHeader.
// With the values dumped in this session: 0x60700 + 0x18 + 0xe0 = 0x607f8,
// which is the address where ".text" appears in the db output.
//
// NOTE(review): SizeOfOptionalHeader is read from the image and used as-is;
// the macro performs no bounds check, so any validation of the resulting
// pointer has to be done by the caller.
// The first use of the argument, (ULONG_PTR)ntheader, is not parenthesized,
// so if an expression is passed the cast binds only to its first operand.
//
#define IMAGE_FIRST_SECTION( ntheader ) ((PIMAGE_SECTION_HEADER) \
((ULONG_PTR)ntheader + \
FIELD_OFFSET( IMAGE_NT_HEADERS, OptionalHeader ) + \
((PIMAGE_NT_HEADERS)(ntheader))->FileHeader.SizeOfOptionalHeader \
))
kd> dt _IMAGE_NT_HEADERs 0x00060620+e0
setupldr!_IMAGE_NT_HEADERS
+0x000 Signature : 0x4550
+0x004 FileHeader : _IMAGE_FILE_HEADER
+0x018 OptionalHeader : _IMAGE_OPTIONAL_HEADER
kd> dx -r1 (*((setupldr!_IMAGE_FILE_HEADER *)0x60704))
(*((setupldr!_IMAGE_FILE_HEADER *)0x60704)) [Type: _IMAGE_FILE_HEADER]
[+0x000] Machine : 0x14c [Type: unsigned short]
[+0x002] NumberOfSections : 0x7 [Type: unsigned short]
[+0x004] TimeDateStamp : 0x66e5bdf0 [Type: unsigned long]
[+0x008] PointerToSymbolTable : 0x0 [Type: unsigned long]
[+0x00c] NumberOfSymbols : 0x0 [Type: unsigned long]
[+0x010] SizeOfOptionalHeader : 0xe0 [Type: unsigned short]
[+0x012] Characteristics : 0x210e [Type: unsigned short]
kd> dx -r1 (*((setupldr!_IMAGE_OPTIONAL_HEADER *)0x60718))
(*((setupldr!_IMAGE_OPTIONAL_HEADER *)0x60718)) [Type: _IMAGE_OPTIONAL_HEADER]
[+0x000] Magic : 0x10b [Type: unsigned short]
[+0x002] MajorLinkerVersion : 0x7 [Type: unsigned char]
[+0x003] MinorLinkerVersion : 0xa [Type: unsigned char]
[+0x004] SizeOfCode : 0x1400 [Type: unsigned long]
[+0x008] SizeOfInitializedData : 0xa00 [Type: unsigned long]
[+0x00c] SizeOfUninitializedData : 0x0 [Type: unsigned long]
[+0x010] AddressOfEntryPoint : 0x19f0 [Type: unsigned long]
[+0x014] BaseOfCode : 0x1000 [Type: unsigned long]
[+0x018] BaseOfData : 0x2000 [Type: unsigned long]
[+0x01c] ImageBase : 0x80010000 [Type: unsigned long]
[+0x020] SectionAlignment : 0x1000 [Type: unsigned long]
[+0x024] FileAlignment : 0x200 [Type: unsigned long]
[+0x028] MajorOperatingSystemVersion : 0x5 [Type: unsigned short]
[+0x02a] MinorOperatingSystemVersion : 0x2 [Type: unsigned short]
[+0x02c] MajorImageVersion : 0x5 [Type: unsigned short]
[+0x02e] MinorImageVersion : 0x2 [Type: unsigned short]
[+0x030] MajorSubsystemVersion : 0x5 [Type: unsigned short]
[+0x032] MinorSubsystemVersion : 0x2 [Type: unsigned short]
[+0x034] Win32VersionValue : 0x0 [Type: unsigned long]
[+0x038] SizeOfImage : 0x8000 [Type: unsigned long]
[+0x03c] SizeOfHeaders : 0x400 [Type: unsigned long]
[+0x040] CheckSum : 0x93db [Type: unsigned long]
[+0x044] Subsystem : 0x1 [Type: unsigned short]
[+0x046] DllCharacteristics : 0x400 [Type: unsigned short]
[+0x048] SizeOfStackReserve : 0x40000 [Type: unsigned long]
[+0x04c] SizeOfStackCommit : 0x1000 [Type: unsigned long]
[+0x050] SizeOfHeapReserve : 0x100000 [Type: unsigned long]
[+0x054] SizeOfHeapCommit : 0x1000 [Type: unsigned long]
[+0x058] LoaderFlags : 0x0 [Type: unsigned long]
[+0x05c] NumberOfRvaAndSizes : 0x10 [Type: unsigned long]
[+0x060] DataDirectory [Type: _IMAGE_DATA_DIRECTORY [16]]
kd> dt IMAGE_SECTION_HEADER 0x00060718+e0
setupldr!IMAGE_SECTION_HEADER
+0x000 Name : [8] ".text"
+0x008 Misc : __unnamed
+0x00c VirtualAddress : 0x1000
+0x010 SizeOfRawData : 0xc00
+0x014 PointerToRawData : 0x400
+0x018 PointerToRelocations : 0
+0x01c PointerToLinenumbers : 0
+0x020 NumberOfRelocations : 0
+0x022 NumberOfLinenumbers : 0
+0x024 Characteristics : 0x68000020
kd> dt IMAGE_SECTION_HEADER 0x00060718+e0+28*1
setupldr!IMAGE_SECTION_HEADER
+0x000 Name : [8] ".data"
+0x008 Misc : __unnamed
+0x00c VirtualAddress : 0x2000
+0x010 SizeOfRawData : 0x200
+0x014 PointerToRawData : 0x1000
+0x018 PointerToRelocations : 0
+0x01c PointerToLinenumbers : 0
+0x020 NumberOfRelocations : 0
+0x022 NumberOfLinenumbers : 0
+0x024 Characteristics : 0xc8000040
kd> dt IMAGE_SECTION_HEADER 0x00060718+e0+28*2
setupldr!IMAGE_SECTION_HEADER
+0x000 Name : [8] "PAGEKD"
+0x008 Misc : __unnamed
+0x00c VirtualAddress : 0x3000
+0x010 SizeOfRawData : 0x600
+0x014 PointerToRawData : 0x1200
+0x018 PointerToRelocations : 0
+0x01c PointerToLinenumbers : 0
+0x020 NumberOfRelocations : 0
+0x022 NumberOfLinenumbers : 0
+0x024 Characteristics : 0x60000020
kd> dt IMAGE_SECTION_HEADER 0x00060718+e0+28*3
setupldr!IMAGE_SECTION_HEADER
+0x000 Name : [8] ".edata"
+0x008 Misc : __unnamed
+0x00c VirtualAddress : 0x4000
+0x010 SizeOfRawData : 0x200
+0x014 PointerToRawData : 0x1800
+0x018 PointerToRelocations : 0
+0x01c PointerToLinenumbers : 0
+0x020 NumberOfRelocations : 0
+0x022 NumberOfLinenumbers : 0
+0x024 Characteristics : 0x40000040
kd> dt IMAGE_SECTION_HEADER 0x00060718+e0+28*4
setupldr!IMAGE_SECTION_HEADER
+0x000 Name : [8] "INIT"
+0x008 Misc : __unnamed
+0x00c VirtualAddress : 0x5000
+0x010 SizeOfRawData : 0x200
+0x014 PointerToRawData : 0x1a00
+0x018 PointerToRelocations : 0
+0x01c PointerToLinenumbers : 0
+0x020 NumberOfRelocations : 0
+0x022 NumberOfLinenumbers : 0
+0x024 Characteristics : 0xe2000020
kd> dt IMAGE_SECTION_HEADER 0x00060718+e0+28*5
setupldr!IMAGE_SECTION_HEADER
+0x000 Name : [8] ".rsrc"
+0x008 Misc : __unnamed
+0x00c VirtualAddress : 0x6000
+0x010 SizeOfRawData : 0x400
+0x014 PointerToRawData : 0x1c00
+0x018 PointerToRelocations : 0
+0x01c PointerToLinenumbers : 0
+0x020 NumberOfRelocations : 0
+0x022 NumberOfLinenumbers : 0
+0x024 Characteristics : 0x42000040
kd> dt IMAGE_SECTION_HEADER 0x00060718+e0+28*6
setupldr!IMAGE_SECTION_HEADER
+0x000 Name : [8] ".reloc"
+0x008 Misc : __unnamed
+0x00c VirtualAddress : 0x7000
+0x010 SizeOfRawData : 0x200
+0x014 PointerToRawData : 0x2000
+0x018 PointerToRelocations : 0
+0x01c PointerToLinenumbers : 0
+0x020 NumberOfRelocations : 0
+0x022 NumberOfLinenumbers : 0
+0x024 Characteristics : 0x42000040
kd> dt IMAGE_SECTION_HEADER 0x00060718+e0+28*7
setupldr!IMAGE_SECTION_HEADER
+0x000 Name : [8] ""
+0x008 Misc : __unnamed
+0x00c VirtualAddress : 0
+0x010 SizeOfRawData : 0
+0x014 PointerToRawData : 0
+0x018 PointerToRelocations : 0
+0x01c PointerToLinenumbers : 0
+0x020 NumberOfRelocations : 0
+0x022 NumberOfLinenumbers : 0
+0x024 Characteristics : 0
kd> db 0x00060718+e0
000607f8 2e 74 65 78 74 00 00 00-08 0a 00 00 00 10 00 00 .text...........
00060808 00 0c 00 00 00 04 00 00-00 00 00 00 00 00 00 00 ................
00060818 00 00 00 00 20 00 00 68-2e 64 61 74 61 00 00 00 .... ..h.data...
00060828 9c 00 00 00 00 20 00 00-00 02 00 00 00 10 00 00 ..... ..........
00060838 00 00 00 00 00 00 00 00-00 00 00 00 40 00 00 c8 ............@...
00060848 50 41 47 45 4b 44 00 00-e1 04 00 00 00 30 00 00 PAGEKD.......0..
00060858 00 06 00 00 00 12 00 00-00 00 00 00 00 00 00 00 ................
00060868 00 00 00 00 20 00 00 60-2e 65 64 61 74 61 00 00 .... ..`.edata..
kd> db 0x00060718+e0+80
00060878 fa 00 00 00 00 40 00 00-00 02 00 00 00 18 00 00 .....@..........
00060888 00 00 00 00 00 00 00 00-00 00 00 00 40 00 00 40 ............@..@
00060898 49 4e 49 54 00 00 00 00-b2 01 00 00 00 50 00 00 INIT.........P..
000608a8 00 02 00 00 00 1a 00 00-00 00 00 00 00 00 00 00 ................
000608b8 00 00 00 00 20 00 00 e2-2e 72 73 72 63 00 00 00 .... ....rsrc...
000608c8 e8 03 00 00 00 60 00 00-00 04 00 00 00 1c 00 00 .....`..........
000608d8 00 00 00 00 00 00 00 00-00 00 00 00 40 00 00 42 ............@..B
000608e8 2e 72 65 6c 6f 63 00 00-5c 01 00 00 00 70 00 00 .reloc..\....p..
kd> db 0x00060718+e0+80*2
000608f8 00 02 00 00 00 20 00 00-00 00 00 00 00 00 00 00 ..... ..........
00060908 00 00 00 00 40 00 00 42-00 00 00 00 00 00 00 00 ....@..B........
00060918 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00060928 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00060938 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00060948 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00060958 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00060968 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
kd> db 0x00060718+e0+80*3
00060978 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00060988 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00060998 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
000609a8 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
000609b8 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
000609c8 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
000609d8 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
000609e8 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
kd> db 0x00060718+e0+80*4
000609f8 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00060a08 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................